This topic is now archived and is closed to further replies.

HALO

HIPS Rule Wildcard

Hello everyone,

I just want to create a HIPS rule that can block an application that is running in C:\users\user\appdata. I want to deploy this configuration via ERA Policy. So I need to specify a path like C:\users\*\appdata\applicationfolder. As I see it, ESET accepts only an exact path while I am creating a HIPS rule. Is there any solution for this?

Thank you


Even if wildcards were supported in rules, the %APPDATA% variable wouldn't resolve as expected as it resolves to C:\Windows\system32\config\systemprofile\AppData for the local system account in which ekrn.exe runs.


Hello HALO,

Instead of using ESET HIPS to prevent malware executables from being run out of the appdata directories, I would create a GPO for your users to combat this. You will have more options using Windows.

If you need assistance, I know the Crypto Prevention Kit has some GPOs for servers and term servers you can import with little effort.

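The two points raised in this thread, as an added Python example that is not part of the original posts and is not ESET or Group Policy code: it audits constructed process-start events against the per-user wildcard path from the question, and shows why the same rule written with %APPDATA% covers nothing once it is expanded under the SYSTEM account. The function names, account names and events are assumptions made for illustration, as is the choice that `*` stands for exactly one path component.

```python
import re

# Constructed per-account values of %APPDATA%, shortened as in the thread
# (on a real system the variable ends in \Roaming).
APPDATA_BY_ACCOUNT = {
    "SYSTEM": r"C:\Windows\system32\config\systemprofile\AppData",
    "alice": r"C:\Users\alice\AppData",
}

def expand_appdata(rule, account):
    """Expand %APPDATA% the way the given account's environment would."""
    return re.sub(r"%APPDATA%", lambda m: APPDATA_BY_ACCOUNT[account], rule, flags=re.I)

def rule_to_regex(rule):
    """Compile a path rule: '*' spans one path component, never a backslash."""
    parts = [re.escape(p) for p in rule.rstrip("\\").split("*")]
    body = r"[^\\]+".join(parts)
    # Match the folder itself or anything beneath it, case-insensitively.
    return re.compile(body + r"(\\.*)?$", re.I)

def blocked(path, rule):
    """True when the image path falls under the rule's folder."""
    return rule_to_regex(rule).match(path) is not None

def audit(events, rule):
    """Return the image paths from process-start events that the rule covers."""
    return [e["image"] for e in events if blocked(e["image"], rule)]

# Constructed process-start events (not from the original thread).
EVENTS = [
    {"user": "alice", "image": r"C:\Users\alice\AppData\applicationfolder\tool.exe"},
    {"user": "bob", "image": r"c:\users\bob\appdata\ApplicationFolder\sub\x.exe"},
    {"user": "bob", "image": r"C:\Users\bob\AppData\other\y.exe"},
    {"user": "eve", "image": r"C:\Users\eve\Documents\AppData\applicationfolder\z.exe"},
]

WILDCARD_RULE = r"C:\users\*\appdata\applicationfolder"
SYSTEM_RULE = expand_appdata(r"%APPDATA%\applicationfolder", "SYSTEM")

if __name__ == "__main__":
    print("wildcard rule hits:", audit(EVENTS, WILDCARD_RULE))
    print("rule expanded as SYSTEM:", SYSTEM_RULE, "hits:", audit(EVENTS, SYSTEM_RULE))
```

The fourth event is left out on purpose: a `*` that could cross backslashes would also match `eve\Documents`, which is why the matcher restricts it to one component.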
